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The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 09 January 2006 . 
2a)D This action is FINAL. 2b)l2 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) See Continuation Sheet is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [X] Claim(s) See Continuation Sheet is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Application No. 09/894,918 



Continuation of Disposition of Claims: Claims pending in the application are 1,3-7,11,12,16,17,19,20,22- 
26,28,30,31,35,36,38,39,41-45,47,49,50,54,55,57-62,64 and 68-70. 



Continuation of Disposition of Claims: Claims rejected are 1,3-7,11,12,16,17,19,20,22-26,28,30,31,35,36,38,39,41- 
45,47,49,50,54,55,57-62,64 and 68-70. 
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DETAILED ACTION 

Response to Amendment 

This action is in response to Applicant's amendment filed January 9, 2006. Claims 1, 3- 
7, 11-12, 16-17, 19-20, 22-26, 28, 30-31, 35-36, 38-39, 41-45, 47, 49-50, 54-55, 57-62, 64 and 
68-70 are pending in the present application. 

Continued Examination Under 37 CFR LI 14 
A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on November 15, 2005 has been entered. 

Claim Objections 

Claim 67 is missing. Appropriate correction is required. 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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Claims 1, 3-7, 11-12, 16-17, 19-20, 22-26, 28, 30-31, 35-36, 38-39, 41-45, 47, 49-50, 54- 
55, 57-62, 64 and 68-70 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cox 
(U.S. Patent No. 6,738,814; hereinafter Cox) in view of Eichstaedt et al. (U.S. Patent No. 
8,62,230; hereinafter Eichstaedt) in further view of Maher, III et al. (U.S. Patent No. 6,654,373; 
hereinafter Maher), in further view of Alcendor et al. (U.S. Patent No. 6,337,899; hereinafter 
Alcendor). 

In considering claims 1, 4-5, 19-20, 22-23, 38-39 and 41-42, the combined system of 
Cox, Eichstaedt, Maher and Alcendor discloses a method for securing an accessible computer 
system, the method comprising: 

receiving more than one data packet (col. 3, lines 26-29) each includes a pay load portion 
and an attribute portion (fig, 2 step 20 and col. 3, lines 30-33), received packets are analyzed; 
packets include a payload portion and an attribute portion) and are communicated between at 
least one access requestor (fig. 1, means 16, access requestor or attacker) and at least one access 
provider (fig. 1 means 12, access provider); monitoring at least the payload portion of the data 
packet received by scanning the payload portion for at least one predetermined pattern (col. 3, 
lines 41-45); While Cox discloses analyzing incoming packets against known patterns and 
denying access to the access provider by the access requestor when there is a match of the known 
pattern, Cox does not disclose the step of counting the number of data packets that include the 
predetermined pattern and denying access when that number exceeds a configurable threshold. 

Nonetheless, denying access to client computers of data object access through a server 
computer when a predefined minimum value is exceeded is well known as evidenced by 
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Eichstaedt. In similar art Eichstaedt discloses a method for automatically limiting access of a 
client computer to data objects accessed through a server computer wherein when a server 
receives a data request (packet) from a client machine over the network, the request values of the 
received request having a client identifier (pattern) matching a logged entry are calculated and 
compared to a predefined maximum request values. If the request values exceed a corresponding 
predefined maximum request value, the request is refused or denied (see Eichstaedt col. 6, lines 
46-61). 

It would have been obvious to a person having ordinary skill in the art to modify the 
system for blocking denial of service attacks to include the step of counting a number of data 
packets including a predetermined pattern in addition to matching the predetermined pattern and 
denying access when that number exceeds a configurable threshold in order to decrease or deny 
abusive traffic (i.e. denial of service attacks) thereby preventing server or website shut downs, 
flooding, and overloading. Attacks can cause websites to temporarily cease operation and 
interrupt access by legitimate consumers, it would thus be advantageous to incorporate such a 
system to avoid such a costly, in both time and money; non-operation period. Therefore the 
claimed limitations would have been obvious modifications. 

Cox further discloses denying access by the access requestor to the access provider when 
a number of payload portions that include the predetermined pattern exceed the threshold 
number (see Cox col. 3, lines 41-54). While Cox discloses analyzing the incoming packet against 
known patterns, Cox does not explicitly disclose that the monitoring includes scanning at least 
the payload portion of the data packet for at least one predetermined pattern. Nonetheless, 
scanning the packet's payload and matching it against known patterns or strings is well known as 
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evidenced by Maher. In similar art, Maher discloses a payload analyzer that scans the contents of 
data packet's payload and attempts to match the payload contents against a database of known 
strings (col. 2, lines 64-66). 

According to Maher, the ability to look beyond the header information, while still in the 
fast-path and into the packet contents; would allow a network device to identify the nature of the 
information carried in the packet, thereby allowing much more detailed packet classification. The 
knowledge of the content would also allow specific contents to be identified and scanned to 
provide security such as virus detection, denial of service prevention, etc. It would have been 
obvious for a person having ordinary skill in the art, to modify the system as taught by Cox to 
include the step of scanning the entire packet including the payload in order to maintain an 
awareness of content over an entire traffic flow, and identify and filter out security problems 
such as email worms, viruses, denial of service attacks, and illegal hacking. 

Cox also fails to explicitly teach monitoring the payload portion of the data packets 
directed from at least one of the access providers to at least one of the access requestors, and 
denying subsequent when the number of the data packets received from the access provider to 
the access requestor exceeds a configurable threshold number. Nonetheless, this feature is being 
taught by Alcendor, which discloses limiting a number of login retries in a server, and rejecting 
the login attempt based on the number of login retries from the server to the client (see col. 7, 
lines 27-33). 

At the time the invention was made, one of ordinary skill in the art would have been 
motivated to monitor and limit data packets directed from the access provider to the access 
requestor in order to limit the amount of access in the system, therefore enhancing its security. 
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In considering claims 3, 22, and 41, the combined system of Cox, Eichstaedt, Maher and 
Alcendor that: monitoring the data packets includes scanning the payload portion while handling 
the data packets with a switch (See Maher, col. 11, lines 3-17). 

In considering claims 6, 25, and 44, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that at least one data packet is distinguished based on an Internet address 
associated with the packet (See Eichstaedt col. 6, lines 46-48). 

In considering claims 7, 26, and 45, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that receiving the data packet includes receiving more than one data packet; 
and monitoring the data packet includes monitoring all of the data packets received (See Maher 
col. 7, lines 10-19). 

In considering claims 28, and 47, the combined system of Cox, Eichstaedt, and Maher 
and Alcendor discloses that the data packets are monitored when communicated from the client 
to the host or from host to the client (See Maher col. 3, lines 39-45). 

In considering claims 11, 30, and 49, the combined system of Cox, Eichstaedt, and Maher 
and Alcendor discloses that the predetermined pattern includes a login failure message 
communicated from the access requestor to the access provider (See Maher col. 7, lines 15-17). 

In considering claims 12, 31, and 50, although the combined system of Cox, 
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Eichstaedt, Maher and Alcendor discloses the system substantially as claimed, it does not 
specifically disclose that the data packets include a token-based protocol packet, a TCP packet or 
a PPP packet. Examiner takes official notice that the aforementioned packets are well known 
packets of well-known Internet protocols such as TCP and PPP. A person having ordinary skill 
in the art would have readily recognized the uses and advantages of including different types of 
protocols and their respective packets in order to comply with multiple standards thus making the 
system more extensible. Therefore the claimed limitation would have been an obvious 
modification. 

In considering claims 16, 35, and 54, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that denying subsequent access includes affecting bandwidth for 
communications between the access requestor and the access provider (See Maher col. 7, lines 
56-67 through col. 8, lines 1-6). 

In considering claims 17, 36, and 55, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that denying access includes rerouting the access requestor (See Maher col. 3, 
lines 25- 
38). 

In considering claims 19, 38, 57, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that receiving the data packet includes receiving more than one data packet; 
and denying subsequent access by an access requestor to the access provider when a number of 
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payload portions that include the predetermined pattern exceed a configurable threshold number 
during a configurable period of time (See Cox. col. 3, lines 1 1-29 and col. 4, lines 16-40). 

(Amended) In considering claim 58, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method as in claim 1 wherein denying subsequent access by the access 
requestor to the access provider further comprises denying subsequent access from a group of 
access requestors to the access provider when a number of payload portions within the data 
packets that are received from the access provider by at least one access requestor which is a 
group member, include the predetermined pattern exceed a configurable threshold number (See 
Cox. col. 3, lines 11-29 and col 4, lines 16-40). 

(Amended) In considering claim 59, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1 further comprises determining whether the access 
requestor is on a permitted access list that is associated with the access requestors, allowing 
subsequent access from the access requestor to the access provider conditioned on whether or not 
the access requestor is determined to be included in the permitted access list (See Cox. col. 3, 
lines 11-29 and col. 4, lines 16-40). 

(Amended) In considering claim 60, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 59 wherein determining whether the access requestor is 
included in the permitted access list further comprises determining whether the IP address of the 
access requestor is included in the permitted access list (see Eichstaedt col. 6, lines 46-61). 
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(Amended) In considering claim 61, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1 wherein subsequent access by the access requestor to 
the access provider is denied for a pre-determined and limited period of time (see Alcendor, col. 
7, lines 27-33). 

(Amended) In considering claim 62, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 61 wherein denial of subsequent access by the access 
provider starts a new pre-determined and limited time period upon detecting an access request 
from the access requestor during the elapsing of the predetermined and limited period of time 
(see Alcendor, col. 7, lines 27-33). 

(Amended) In considering claim 64, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1, wherein denying subsequent access by the access 
requestor is performed in response to a command received from the access provider, irrespective 
of the inspection of data packets received from the access provider (see Alcendor, col. 7, lines 
27-33). 

(New) In considering claim 68, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1 1 wherein the predetermined pattern further includes a 
login request message (see Alcendor, col. 7, lines 27-33). 
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(New) In considering claim 69, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1 1 wherein the login failure message includes a 
signature located at a specific offset from an end of the data packet communicated from the 
access provider of the access requestor (see Alcendor, col. 7, lines 27-33). 

(New) In considering claim 70, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses the method of claim 1 1 wherein login failure message includes login failure 
reasons (see Alcendor, col. 7, lines 27-33). 

Response to Arguments 

Applicant's arguments have been considered but are moot in view of the new ground(s) 
of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Alina N. Boutah whose telephone number is 571-272-3908. The 
examiner can normally be reached on Monday-Friday (9:00 am - 5:00 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on 571-272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 09/894,918 



Page 1 1 



Art Unit: 2143 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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